32 matches found

ATTACKERKB
added 2026/03/25 6:06 p.m. · 7 views

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

CVSS 6.3 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 2 · Affected software: 1
Vulnrichment
added 2026/03/25 6:06 p.m. · 4 views

CVE-2026-33720 n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

CVSS 6.3 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/10 12:00 a.m. · 10 views

PT-2026-24420

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...

CVSS 9.3 · AI score 5.8 · EPSS 0.00519
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/05 9:59 p.m. · 3 views

CVE-2026-28477 OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow

OpenClaw versions prior to 2026.2.14 contain an OAuth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

CVSS 7.1 · AI score 5.8 · EPSS 0.00133
Exploits: 0 · References: 3
EUVD
added 2026/03/05 9:59 p.m. · 5 views

EUVD-2026-9923

OpenClaw versions prior to 2026.2.14 contain an OAuth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

CVSS 5.9 · AI score 6 · EPSS 0.00133
Exploits: 0 · References: 3
Tenable Nessus
added 2026/02/12 12:00 a.m. · 9 views

GitLab 17.9 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-7736)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass...

CVSS 4.3 · AI score 5.7 · EPSS 0.00242
Exploits: 0 · References: 5
Tenable Nessus
added 2026/01/20 12:00 a.m. · 4 views

MiracleLinux 9 : curl-7.76.1-14.el9.4.ML.1 (AXSA:2022-4366:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4366:04 advisory: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl: auth/cookie leak on redirect...

CVSS 8.1 · AI score 6.8 · EPSS 0.03425
Exploits: 4 · References: 5
NVD
added 2025/11/20 7:16 p.m. · 6 views

CVE-2025-63700

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

EPSS 0.00095
Exploits: 0
CVE
added 2025/11/20 12:00 a.m. · 23 views

CVE-2025-63700

Clerk-js 5.88.0 contains a security issue where an attacker can bypass the OAuth authentication flow by manipulating the OTP verification request. The publicly documented evidence across sources (Red Hat CVE notes, EUVD, GHSA advisory, and OSV/GHSA mirrors) consistently references the OTP verifica...

AI score 6.4 · EPSS 0.00095
Exploits: 0
Tenable Nessus
added 2025/11/18 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-7736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowe...

CVSS 4.3 · AI score 5.6 · EPSS 0.00242
Exploits: 0 · References: 2
RedhatCVE
added 2025/11/17 7:03 a.m. · 3 views

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

CVSS 4.3 · AI score 6.7 · EPSS 0.00242
Exploits: 0 · References: 1
CNNVD
added 2025/11/15 12:00 a.m. · 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability in GitLab CE and EE versions 17.9 through 18.3.6 prio...

CVSS 4.3 · AI score 6.7 · EPSS 0.00242
Exploits: 0 · References: 4
OSV
added 2025/10/03 9:12 p.m. · 6 views

CVE-2025-61673 Karapace is vulnerable to Authentication Bypass

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...

CVSS 8.6 · AI score 7 · EPSS 0.0037
Exploits: 0 · References: 5
Tenable Nessus
added 2025/09/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-30034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then acce...

CVSS 8.6 · AI score 7.8 · EPSS 0.01339
Exploits: 1 · References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-0549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to...

CVSS 6.8 · AI score 5.5 · EPSS 0.0033
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/11 5:07 p.m. · 34 views

CVE-2025-0549

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

CVSS 6.8 · AI score 6.6 · EPSS 0.0033
Exploits: 1 · References: 1
NVD
added 2025/05/09 5:15 p.m. · 18 views

CVE-2025-0549

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through...

CVSS 6.8 · EPSS 0.0033
Exploits: 1 · References: 2
Tenable Nessus
added 2025/05/09 12:00 a.m. · 20 views

GitLab 17.3 < 17.9.8 / 17.10 < 17.10.6 / 17.11 < 17.11.2 (CVE-2025-0549)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows...

CVSS 6.8 · AI score 5.6 · EPSS 0.0033
Exploits: 1 · References: 4
Positive Technologies
added 2025/05/07 12:00 a.m. · 9 views

PT-2025-20572 · GitLab · GitLab CE/EE

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.9.7; GitLab CE/EE versions 17.10 through 17.10.5; GitLab CE/EE versions 17.11 through 17.11.1. Description: An issue has been discovered in GitLab CE/EE that allows attackers to bypass Device OAuth flow...

CVSS 7.1 · AI score 6 · EPSS 0.0033
Exploits: 1 · References: 12
FreeBSD
added 2025/05/07 12:00 a.m. · 27 views

Gitlab -- vulnerabilities

Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...

CVSS 6.8 · AI score 7 · EPSS 0.0033
Exploits: 1 · References: 1